Cheap connected home devices threatening our security and privacy

The evolving Internet of Things (IoT) poses a serious security and privacy threat to both Internet users and access providers. All these cheap little devices that we order en masse from online marketplaces all over the world and connect to our home networks without a second thought provide easy-to-exploit attack surfaces. Given the fact that most of these devices will never in their lives receive a software update -- the smallest ones don't even have the memory to perform such a thing -- it's not a matter of if but when malicious parties find their way into your home network.

Hacked devices then serve as springboards to infect other devices and upstream systems. Or they become part of botnets collecting valuable data, sending spam, and launching Distributed Denial-of-Service (DDoS) attacks from the access network. They may even penetrate company networks and servers when we are working from an infected home network.

A sea of unmanaged home devices

Taking into account that the IoT will soon comprise tens of billions of networked devices, of which a large portion will be unmanaged machine-to-machine (M2M) home devices, the security and privacy risks will affect all Internet users. Over the next few years the number of networked devices in a typical "connected home" is expected to run in the dozens. If we don't take measures to mitigate the risks involved with this new hyperconnected world, we may very well lose control over our smart homes. As a consequence, Internet users will run a high risk of becoming victims of ransomware, identity theft, theft of valuable information and assets, and the publication of sensitive and private information.

Maintaining control

Anticipating this imminent future in which our environment will be infested with unmanaged devices, we have developed software that allows end users and access providers to maintain control over all the devices connected to the home network. The software bears the name SPIN -- short for Security and Privacy for In-home Networks -- and provides end users with an interface that shows all devices connected through the home gateway and their traffic flows. Users can drill down to get more information on a specific device, and use the resulting pop-up to ignore, rename, block, or whitelist this node. Access providers can be provided with the same insight and functionality from their side of the gateway, and add an interface that allows them to easily integrate SPIN into their existing security management infrastructure and self-help portals. The SPIN software itself can directly be incorporated into any home router (CPE) by the manufacturer as part of an OpenWrt/Linux image.

White paper

You can find more detailed information on SPIN in our white paper 'Managing unmanaged home devices'. If you want a first-hand experience of SPIN's features, a binary image for the Raspberry Pi is readily available for download.

Downloads

  • Monday 28 January 2019

    .nl domain name

    Registrar Scorecard yields great results

    Thumb-illustration-charts

    Adoption of standards on the up as incentive payments top 1.5 million euros

    Read more
  • Tuesday 7 May 2019

    Internet security

    "By taking a few simple precautions, you can protect yourself against 99% of threats"

    Maria-Genova-thumbnail

    Een interview met onderzoeksjournalist en schrijfster Maria Genova, auteur van Komt een vrouw bij de h@cker

    Read more
  • Monday 30 September 2019

    DNSSEC

    Problematic domain names? Don't disable DNSSEC validation!

    Thumb-internet-security

    Better to set a negative trust anchor

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.